PGP Utility?
Kevin D. Kinsey, DaleCo, S.P.
kdk at daleco.biz
Wed Mar 17 13:28:01 PST 2004
Bob Perry wrote:
> Kris Kennaway wrote:
>
>> On Wed, Mar 17, 2004 at 01:13:47AM -0500, Bob Perry wrote:
>>
>>
>>
>>> I installed gnupg-1.2.4_1, The GNU Privacy Guard, & read over the
>>> README
>>> and HOWTOs. Ran into a problem re "...unsafe ownership of the main
>>> configuration file...." Searched the mailing list archives with
>>> little luck
>>> but, more importantly, the users' mailing list was unavailable.
>>>
>>
>>
>> Well, what is the ownership? gnupg probably expects it to be owned by
>> the user and not to be world- or group- writable, and maybe not to be
>> readable either. i.e. the permissions on the file should be secure.
>>
>>
>>
>>> My objective was to just install a security patch. Is the file
>>> verification
>>> step really necessary?
>>>
>>
>>
>> That all depends on whether or not you have a trojaned copy of the
>> security patch :-)
>>
>> Kris
>>
>>
> Kris,
>
> I'm at the stage now, where I need to validate and certify the
> Security Officer's PGP key before I can verify the signature.
> Documentation suggests "...comparing
> the key during a phone call." Later, there is the reality that "If
> you don't know the
> owner of the public key you are really in trouble."
>
> Is there some recommended course to follow when it comes to handling
> these
> FreeBSD security patches?
>
> Thanks,
>
> Bob
PGP keys for all the FreeBSD officers are available in
an appendix D of the FreeBSD handbook. If your local
copy is old, you could check the online version at
www.freebsd.org/handbook.
HTH,
Kevin Kinsey
DaleCo, S.P.
More information about the freebsd-questions
mailing list